IGD Working Committee Update

Ulhas Warrier

Chair, IGD

Intel Corporation

Outline

IGD v1.0 recap

IGD v2.0 objectives

WLAN Enrollment Scenario

Working Committee Status

Internet Gateway Device 1.0v1.0 approved in Nov 2001

Several IGD products in the market

Different connection types supported PPPoE, PPPoA, IP-Routed

Multiple WAN connections

Access to gateway info Data rate, connection status

Automatic NAT-traversal

Internet

Tell peer to send packet to LAN address

UPnP IGD Examplefor NAT traversal

UPnP IGD Examplefor NAT traversal

NAT using WAN address

Game Host with private LAN IP address

Peer Game System on Internet

Discover IGD, Get WAN IP address

Configure IGD to forwardpackets arriving on the IGD WAN address to host

Home LAN

Routing to private LAN address fails

End to end packet delivery

Tell peer to send packet to IGD’s WAN address

IGDIGD

Committee formed in Q2 2002

Two-fold Charter Future IGD needs – IGD DCP 802.11 access point configuration – AP DCP

Current focus mostly on AP DCP Completion targeted by Q1 ’03 First plugfest in October 2002

Group has weekly teleconference meetings

Current active participants – Broadcom, GlobeSpanVirata, Intel, LG, Microsoft, Thomson

Internet Gateway Device 2.0

IGD DCP 2.0

IPv6 support Existing services modified for IPv6 New services – firewall configuration

IGD v1 enhancements Support for configuring IP Forwarding Port mapping additions

Access Point DCP Simplify Access Point setup

Initial configuration Diagnostic information

Make enrollment of new clients easy Devices with no UI Guest clients Additional access points

Enable deployment of stronger link security Privacy important as WLAN usage increases Make link security setup easy, including 802.1x

Access Point UPnP Services

WLANAccessPointDevice

WLANConfigurationServicerequired

WLANAuthenticationServiceconditionally required

DeviceSecurityrequired

Common way to programmatically access AP information SSID AP mode – repeater or not Valid channel set Physical location of the access point - Longitude-latitude,

location address as in street, city, state, zip Auto-fallback rate, Possible data rates WEP encryption level, Default WEP key, WEP keys (1 to 4) Configuration Status Total number of connected clients

Some of the configuration actions will be secured E.g. setting of WEP key

AP Configuration ServiceAP Configuration Service

Maintains WLAN client list Username Credentials (Password) Access restrictions

Simple, common interface to update client list

Notifies user of authentication attempt from new clients

All actions will be secured

AP Authentication ServiceAP Authentication Service

Enrolling an 802.11 Client

Username: __Dev1__Password: ________

User prompted on PC1 for 802.1x authentication password

User enters info provided by Dev1 vendor (chassis/manual)

PC1 informs AP about successful validation

Console PCConsole PC

Device without UI easily enrolled into secure WLANDevice without UI easily enrolled into secure WLAN

Dev1 PC1 Secure UPnPSecure UPnP

Secure 802.11 link establishedSecure 802.11 link established

Setting up Console PCAssumptionAssumption: : PC1 has built-PC1 has built-in AP control in AP control point softwarepoint software

AssumptionAssumption: AP : AP has ‘first login info’ has ‘first login info’ and ‘AP ID’ made and ‘AP ID’ made available to useravailable to user

Username: ________Password: ________

User prompted for 802.1x authentication information

User can configure AP securely from PC1 anytime

User enters info given by AP vendor (chassis/manual)

AP identifier string displayed to user

Secure 802.11 link establishedSecure 802.11 link established

AP ID : WLP1234

Secure UPnP establishedSecure UPnP established

PC1 becomes the ‘secure console’ for APPC1 becomes the ‘secure console’ for AP

PC1

Access Point DCP Status Configuration Service 0.45

Ready for first plugfest Repeater setup next focus

Authentication Service 0.2 Discussion on optional/required status

Alignment work with other forums SSN and IEEE TGi WECA

Dependency on UPnP Security

Demo

Enrolling into secure WLAN

For the interconnected lifestyle